Agents take actions.
Agent Guard governs them.
Tool-level policy enforcement, isolated execution environments, and cryptographic audit trails. Centrally controlled but locally enforced from the desktop to the edge.
The Agent Governance Comparison
| Capability | Sandboxes (Docker, E2B) | MCP Gateways (Lasso, Solo.io, IBM) | Guardrails (NVIDIA, AWS Bedrock) | Jozu |
|---|---|---|---|---|
| Supply Chain Scanning | | | | Integrated scanners with signed attestations |
| Cryptographic Signing | Container images only | | | All AI artifacts: agents, MCP servers, models |
| Admission-Time Policy | | | | ArtifactPolicy gates deployment |
| Runtime Tool Access Control | Limited sandboxing | API-level routing | | Declarative ToolPolicy per-tool, per-agent, per-user |
| Guardrail Orchestration | | Varies | Runtime content filtering | Policy-driven thresholds via GuardrailPolicy |
| Human-in-the-Loop | Yes | Yes | Yes | Pauses agent workflows for high-risk actions via MCP elicitation |
| Disconnected Enforcement | Yes | | | Policy as OCI artifact, enforces locally |
| Audit Trail | Limited | Varies | Cloud-only | Tamper-evident, cryptographically chained, works disconnected |
| MCP Registry for IDEs | Docker MCP Catalog | | | MCP Registry API for VS Code, Cursor, Claude Desktop |
Attacks Have Already Happened, and They're Only Accelerating.
MCP Impersonation
A compromised Postmark agent silently copies every email to an attacker, with no visibility to the user and nothing in the logs.
Agent Guard blocks impersonated packages before deployment
Compromised NPM Package
A single poisoned dependency auto-installed across agentic workflows exposes SSH keys and API tokens at scale.
Agent Guard prevents tampered dependencies from reaching agentic workflows
EchoLeak Agent Exfiltration
Sensitive data is exfiltrated and corrupted through an attacker-controlled agent.
Agent Guard keeps rogue agents out of task routing
GitHub MCP Tool Poisoning
Private code and data are exfiltrated without user awareness or audit trail.
Agent Guard catches model, agent, and MCP server tampering
WHY JOZU
Speed and Security for Agents & MCPs
Jozu Agent Guard enables central security teams to vet, sign, and govern AI artifacts from development to execution across servers, laptops, and edge devices.
Artifact Verification
Jozu scans every AI artifact and attaches the scan results and policies as tamper-evident attestations that widely adopted open-source tools can read.
Local Enforcement
Jozu distributes policies with deployed artifacts and enforces them locally on laptops, edge devices, and air-gapped networks with no connectivity to a central controller required.
Task Protection
Jozu Agent Guard protects access to individual tool calls within an MCP server's catalog, not just prompts or MCP servers as a whole.
Open Standards
Jozu uses CNCF's KitOps project and the OCI standard for packaging, ensuring compatibility with existing developer and DevOps tools with no vendor lock-in.
Jozu Provides Core AI Security Capabilities
Jozu Agent Guard is the enforcement point in your environment. It evaluates policies at admission time and runtime using a single policy engine and a single policy language.
- Two-Phase Policy Enforcement: Evaluates at admission time (can this artifact be deployed?) and at runtime (can this agent invoke this tool?). Same policy engine, same policy language. Most tools handle one phase; Jozu covers both.
- Guardrail Orchestration: Agent Guard orchestrates guardrails for prompt injection, content safety, PII detection, and toxicity filtering. Thresholds are policy-driven and configurable, so they can be tuned per role and per environment.
- Human-in-the-Loop: High-risk actions trigger human confirmation through MCP's elicitation protocol. Destructive operations, financial transactions, and sensitive data access require user approval. Every decision is recorded in the audit trail.
- Cryptographically Secured Audit Logging: Every policy decision is logged with full context and cryptographically chained so that any tampering is detectable. Agent Guard operates autonomously while disconnected and syncs to Jozu Hub when connectivity returns.
- Cost Metering: Track token consumption, compute usage, and tool invocation counts across agents and environments, tied to the same policy engine that governs everything else.
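The audit-log capability above rests on a standard technique: hash-chain the entries and authenticate each link with a key the enforcement point holds. The following is an added example written for this page, not Jozu's code; it assumes a constant `DEVICE_KEY` (a real deployment would keep a signing key in a TPM or enclave) and constructed decision records. It shows what the chain detects (an edited record, a rewrite of the chain without the key) and what it does not detect on its own (entries dropped from the tail), which is why the head hash has to be anchored somewhere else, such as at the hub on sync.

```python
import copy
import hashlib
import hmac
import json
from typing import Optional

# Assumption: a per-device secret held by the enforcement point. A real deployment
# would keep a signing key in hardware; it is a constant here so the example runs offline.
DEVICE_KEY = b"demo-device-key-not-for-production"
GENESIS = "0" * 64  # back-link value of the very first entry


def _canonical(obj) -> bytes:
    """Deterministic JSON so the same record always hashes the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _entry_hash(seq: int, prev: str, record: dict) -> str:
    """Bind the record to its position and to the previous entry's hash."""
    return hashlib.sha256(_canonical({"seq": seq, "prev": prev, "record": record})).hexdigest()


def _entry_mac(entry_hash: str) -> str:
    """Keyed MAC over the hash: a rewritten chain is detectable without DEVICE_KEY."""
    return hmac.new(DEVICE_KEY, entry_hash.encode(), hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only, hash-chained log of policy decisions (constructed example)."""

    def __init__(self) -> None:
        self.entries: list = []

    def append(self, record: dict) -> dict:
        seq = len(self.entries)
        prev = self.head()
        h = _entry_hash(seq, prev, record)
        entry = {"seq": seq, "prev": prev, "record": record, "hash": h, "mac": _entry_mac(h)}
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        """Latest hash; this is the value to anchor at the hub when syncing."""
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify_chain(entries: list, expected_head: Optional[str] = None):
    """Return (ok, first_bad_seq). Checks sequence number, back-link, hash and MAC of
    every entry; with expected_head it also catches entries dropped from the tail."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return False, i
        if e["hash"] != _entry_hash(i, prev, e["record"]):
            return False, i
        if not hmac.compare_digest(e["mac"], _entry_mac(e["hash"])):
            return False, i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(entries)
    return True, None


def build_demo_log() -> AuditLog:
    """Three constructed decisions of the kind a runtime tool-policy check would emit."""
    log = AuditLog()
    log.append({"agent": "release-bot", "user": "alice", "tool": "github.read_file", "decision": "allow"})
    log.append({"agent": "release-bot", "user": "alice", "tool": "github.delete_repo", "decision": "deny"})
    log.append({"agent": "release-bot", "user": "alice", "tool": "stripe.refund", "decision": "elicit"})
    return log


def edit_record(entries: list, seq: int, field: str, value) -> list:
    """Attacker with write access flips one field and leaves the hashes alone."""
    out = copy.deepcopy(entries)
    out[seq]["record"][field] = value
    return out


def edit_and_rehash(entries: list, seq: int, field: str, value) -> list:
    """Smarter attacker: edits the record and recomputes every hash and back-link,
    but cannot recompute the MACs without DEVICE_KEY."""
    out = edit_record(entries, seq, field, value)
    prev = GENESIS
    for i, e in enumerate(out):
        e["prev"] = prev
        e["hash"] = _entry_hash(i, prev, e["record"])
        prev = e["hash"]
    return out


if __name__ == "__main__":
    log = build_demo_log()
    print(verify_chain(log.entries))                                           # (True, None)
    print(verify_chain(edit_record(log.entries, 1, "decision", "allow")))      # (False, 1)
    print(verify_chain(edit_and_rehash(log.entries, 1, "decision", "allow")))  # (False, 1)
    print(verify_chain(log.entries[:2]))                                       # (True, None)
    print(verify_chain(log.entries[:2], expected_head=log.head()))             # (False, 2)
```

Two points worth noting. An unkeyed hash chain only proves internal consistency: anyone who can write the file can edit a record and recompute every hash after it, which is why each link carries a MAC (or, better, a signature from a hardware-held key). And no chain can tell that its most recent entries were deleted, which is why the head hash must be reported to a second party; in the page's model that is the sync to Jozu Hub when the device reconnects.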
How It Works
Jozu Agent Guard establishes trust before execution, governs behavior during execution, and audits everything for post-execution review.
1. Scan and Sign: Agents, MCP servers, and models are scanned for supply chain vulnerabilities, content safety issues, prompt injection susceptibility, and backdoors. Scan results are attached as signed attestations.
2. Curate and Distribute: Approved artifacts are stored in Jozu Hub as OCI-compliant ModelKits. Policies are packaged alongside the artifacts they govern and distributed through the same OCI registries.
3. Enforce at Admission: ArtifactPolicy evaluates every artifact before deployment. Signature requirements, scan thresholds, and provenance checks gate what reaches any environment.
4. Enforce at Runtime: Jozu Agent Guard evaluates ToolPolicy and GuardrailPolicy on every tool invocation and inference request. Fail closed by design. Every decision is logged.
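To make the four steps concrete, here is an added example written for this page, not Jozu's implementation or its policy schema. It assumes a hypothetical rule language (first matching rule wins, no match falls through to a `deny` default), an HMAC key standing in for the publisher's signing key so the example runs offline, and constructed agent, user, tool and artifact names. The same `evaluate` function answers both questions: at admission, whether a signed attestation with acceptable scan results may be deployed; at runtime, whether a given agent acting for a given user may call a given tool, including the `elicit` outcome that hands the decision to a human.

```python
import hashlib
import hmac
import json

# Assumption: an HMAC key stands in for the publisher's signing key so the example
# runs offline; a real pipeline would use a public-key signature with a KMS- or
# hardware-backed key and verify it against a trusted public key.
PUBLISHER_KEY = b"demo-publisher-key-not-for-production"


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_attestation(body: dict) -> dict:
    """Step 1 (scan and sign): attach a signature over the scan results."""
    return {**body, "sig": hmac.new(PUBLISHER_KEY, _canonical(body), hashlib.sha256).hexdigest()}


def signature_valid(att: dict) -> bool:
    body = {k: v for k, v in att.items() if k != "sig"}
    expected = hmac.new(PUBLISHER_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(att.get("sig", ""), expected)


def _match(actual, cond) -> bool:
    """One matcher for both phases: '*' matches anything, a list is membership,
    a dict holds operators. Anything unrecognised fails the match (fail closed)."""
    if cond == "*":
        return True
    if isinstance(cond, list):
        return actual in cond
    if isinstance(cond, dict):
        return all(
            (op == "<=" and actual is not None and actual <= v)
            or (op == "includes_all" and set(v) <= set(actual or []))
            for op, v in cond.items()
        )
    return actual == cond


def evaluate(policy: dict, facts: dict) -> str:
    """First matching rule wins; no match returns the policy default (deny)."""
    for rule in policy["rules"]:
        if all(_match(facts.get(k), cond) for k, cond in rule["when"].items()):
            return rule["effect"]
    return policy.get("default", "deny")


# Hypothetical policies in the single rule language above; all names are constructed.
ARTIFACT_POLICY = {  # admission time: may this artifact be deployed at all?
    "default": "deny",
    "rules": [
        {"when": {"signature_valid": True,
                  "publisher": ["security-team"],
                  "scans": {"includes_all": ["supply-chain", "prompt-injection"]},
                  "critical": {"<=": 0}, "high": {"<=": 0}},
         "effect": "allow"},
    ],
}

TOOL_POLICY = {  # runtime: may this agent, acting for this user, call this tool?
    "default": "deny",
    "rules": [
        {"when": {"agent": "release-bot", "tool": "github.read_file", "user": "*"}, "effect": "allow"},
        {"when": {"agent": "release-bot", "tool": "github.create_pr", "user": ["alice"]}, "effect": "allow"},
        {"when": {"agent": "*", "tool": "stripe.refund", "user": "*"}, "effect": "elicit"},
    ],
}


def make_attestation(critical: int, high: int) -> dict:
    """Constructed attestation for a constructed MCP server artifact reference."""
    return sign_attestation({
        "artifact": "hub.example/mcp/github-server:1.4.2",
        "publisher": "security-team",
        "scans": ["supply-chain", "prompt-injection"],
        "findings": {"critical": critical, "high": high, "medium": 3},
    })


def admit(att: dict) -> str:
    """Step 3: derive admission facts from the attestation and evaluate them."""
    findings = att.get("findings", {})
    facts = {
        "signature_valid": signature_valid(att),
        "publisher": att.get("publisher"),
        "scans": att.get("scans", []),
        "critical": findings.get("critical"),  # None when unreported -> '<=' fails -> deny
        "high": findings.get("high"),
    }
    return evaluate(ARTIFACT_POLICY, facts)


def tool_call(agent: str, user: str, tool: str) -> str:
    """Step 4: evaluate a single tool invocation; 'elicit' means ask a human."""
    return evaluate(TOOL_POLICY, {"agent": agent, "user": user, "tool": tool})


if __name__ == "__main__":
    print(admit(make_attestation(0, 0)))                       # allow
    print(admit(make_attestation(2, 0)))                       # deny: scan threshold
    forged = {**make_attestation(2, 0), "findings": {"critical": 0, "high": 0}}
    print(admit(forged))                                       # deny: edited after signing
    print(tool_call("release-bot", "bob", "github.read_file"))  # allow
    print(tool_call("release-bot", "bob", "github.create_pr"))  # deny: not in user list
    print(tool_call("release-bot", "alice", "stripe.refund"))   # elicit
    print(tool_call("release-bot", "alice", "github.delete_repo"))  # deny: no rule
```

The design point is the default: both policies fall through to `deny`, so an unsigned artifact, a scan that never reported a severity count, or a tool with no rule is refused rather than waved through, which is what "fail closed by design" has to mean in code. The `elicit` effect is a third outcome, not a soft allow; the caller must block the invocation until the human answers.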
Built for Agent Protection
Without Jozu:
Agents and MCP servers pulled from public sources without verification. No supply chain scanning. No cryptographic signing. Runtime governance depends on a centralized control plane with persistent connectivity.
- Unverified agents from public sources
- No supply chain scanning or signing
- Centralized control plane dependency
- Disconnected environments are ungoverned
- No standard audit trail for agent actions
With Jozu:
Every agent, MCP server, and model is scanned, signed, and attested in Jozu Hub. Policies travel as OCI artifacts. The AI Policy Gateway enforces locally in every environment.
- Scanned, signed, and attested artifacts
- Policies as OCI artifacts alongside agents
- Local enforcement, no control plane dependency
- Tamper-evident, cryptographically chained audit logs
- Declarative tool access by policy, not just identity
Why Not Just Use an MCP Gateway?
MCP gateways from Lasso, IBM, Solo.io, and Microsoft apply runtime controls but require persistent connections to a central control plane, creating a single point of failure. None scan, sign, or verify MCP server artifacts before deployment.
- Single point of failure: If the control plane goes down, every agent either fails open (security gap) or fails closed (outage).
- Most require connectivity: Intermittently connected and air-gapped environments cannot be governed.
- Concentrates risk: One compromised control plane affects every governed agent.
- No supply chain governance: No artifact scanning, no signing, no provenance verification. The agent entering the gateway is assumed trustworthy. Who verified it?
Jozu's approach:
Policies are OCI artifacts that travel with the agents they govern. Jozu Attest enforces locally. No centralized control plane. No connectivity dependency. Supply chain verification happens before the agent ever runs.
Govern AI Agents and MCP Servers from Supply Chain Through Runtime
Jozu Agent Guard is a zero-trust AI runtime that executes agents, models, and MCP servers inside contained environments with policy enforcement the agent cannot disable or reason its way around.